From bcf7fab825bc672ab6745e2fe77b2403a5cb1ad0 Mon Sep 17 00:00:00 2001
From: Ludy <Ludy87@users.noreply.github.com>
Date: Sun, 30 Mar 2025 16:20:05 +0200
Subject: [PATCH] Add default authority assignment and enhanced user creation
 method (#3266)

# Description of Changes

Please provide a summary of the changes, including:

- **What was changed**:
- Automatically assign the `USER` role to newly created users in the
`saveUser(String username, String password)` method.
- Introduced a new `saveUser(String username, String password, boolean
firstLogin, boolean enabled)` method to allow setting `firstLogin` and
`enabled` flags at creation time.
- Added `"anonymoususer"` to the list of restricted usernames in
`isUsernameValid`.

- **Why the change was made**:
- Ensures users have proper default roles assigned to avoid permission
issues post-creation.
- Provides more flexibility for user creation in scenarios like
pre-provisioning or scripting users with specific states.
- Prevents the creation of potentially reserved or insecure usernames
like `anonymoususer`.

---

## Checklist

### General

- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.
---
 .../SPDF/config/security/UserService.java      | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/main/java/stirling/software/SPDF/config/security/UserService.java b/src/main/java/stirling/software/SPDF/config/security/UserService.java
index 155ed76b0..f3627d499 100644
--- a/src/main/java/stirling/software/SPDF/config/security/UserService.java
+++ b/src/main/java/stirling/software/SPDF/config/security/UserService.java
@@ -205,6 +205,7 @@ public class UserService implements UserServiceInterface {
         user.setPassword(passwordEncoder.encode(password));
         user.setEnabled(true);
         user.setAuthenticationType(AuthenticationType.WEB);
+        user.addAuthority(new Authority(Role.USER.getRoleId(), user));
         userRepository.save(user);
         databaseService.exportDatabase();
     }
@@ -230,6 +231,22 @@ public class UserService implements UserServiceInterface {
         saveUser(username, password, role, false);
     }
 
+    public void saveUser(String username, String password, boolean firstLogin, boolean enabled)
+            throws IllegalArgumentException, SQLException, UnsupportedProviderException {
+        if (!isUsernameValid(username)) {
+            throw new IllegalArgumentException(getInvalidUsernameMessage());
+        }
+        User user = new User();
+        user.setUsername(username);
+        user.setPassword(passwordEncoder.encode(password));
+        user.addAuthority(new Authority(Role.USER.getRoleId(), user));
+        user.setEnabled(enabled);
+        user.setAuthenticationType(AuthenticationType.WEB);
+        user.setFirstLogin(firstLogin);
+        userRepository.save(user);
+        databaseService.exportDatabase();
+    }
+
     public void deleteUser(String username) {
         Optional<User> userOpt = findByUsernameIgnoreCase(username);
         if (userOpt.isPresent()) {
@@ -352,6 +369,7 @@ public class UserService implements UserServiceInterface {
 
         List<String> notAllowedUserList = new ArrayList<>();
         notAllowedUserList.add("ALL_USERS".toLowerCase());
+        notAllowedUserList.add("anonymoususer");
         boolean notAllowedUser = notAllowedUserList.contains(username.toLowerCase());
         return (isValidSimpleUsername || isValidEmail) && !notAllowedUser;
     }